What’s Privacy? :
- Privacy is the quality or state of being apart from company or observation. It is the freedom from unauthorised intrusion. Privacy defines the degree to which an individual can determine which personal information is to be shared with whom and for what purpose.
- Over 130 countries have constitutional statements for protection of privacy and over 50 + countries now have some form of privacy and data protection law and India is yet to establish a bill on Privacy!.
- It’s all too common that privacy is violated by states and companies. People are not being informed about the monitoring we’re placed under; the way our personal data are collected, analysed and shared; nor given the opportunity to question these activities.
Privacy, Security & Protection :
- Offline Privacy: The traditional understanding of privacy was very much connected to a physical space.
- Online Privacy: It also called internet privacy is the right to keep sensitive data and information produced as a result of using the web, private. Businesses acquire as much personal information. Our habits, preferences, and location are tracked and collected by companies looking to provide highly relevant information to your queries, tailored advertising campaigns, products, and services from your phone, GPS, and other devices and eventually shared with third parties.
- Data Security: In short, data privacy is about proper usage, collection, retention, deletion, and storage of data. Data security is policies, methods, and means to secure personal data. It includes access control, encryption, network security etc.
- Data Protection: Data protection is essentially amalgamated security and privacy. It is the process of safeguarding information from corruption, compromise and loss.
Classification of Data Based on Privacy :
- Personally identifiable data (PII): It is any data that could potentially be used to identify a particular person.
- Non-personally identifiable information (non-PII): Data that cannot be used on its own to trace, or identify a person, so basically the opposite of PII.
- Sensitive personally identifiable information: General Data Protection Regulation (GDPR), Not all data that qualifies as personally identifiable information is sensitive.
- Non-sensitive personally identifiable information: As popular software and websites increasingly rely on users’ personal information, PII is put at risk of exposure by cyber-attacks and data breaches. Data breaches in which PII is exposed often result in that information falling into the hands of cybercriminals or being distributed on the black market. Once exposed, attackers can use sensitive personally identifiable information to facilitate identity theft, fraud, and social engineering attacks, particularly phishing and spear phishing.
Right to Privacy :
- It is protected as an intrinsic part of the right to life and personal liberty under Article 21 and as a part of the freedoms guaranteed by Part III of the Constitution and the right to privacy is subject to reasonable restrictions.
- In the landmark case of Justice K S Puttaswamy (Retd.) vs. Union of India., the constitution bench of the Hon’ble Supreme Court has held Right to Privacy as a fundamental right, subject to certain reasonable restrictions.
- The Aadhaar Act was, however, held to be constitutional to the extent it allowed for Aadhaar number-based authentication for establishing the identity of an individual for receipt of a subsidy, benefit or service given by the Central or State Government funded from the Consolidated Fund of India.
Personal Data Protection Bill, 2018 :
- Personal Data Protection Bill, 2018 (the “Bill”) was released on July 27, 2018 along with the report by the Committee of Experts under the chairmanship of Justice B. N. Srikrishna (the “Report”). The Committee, chaired by Justice Srikrishna, was constituted by the Ministry of Electronics & Information Technology, Government of India to put together a draft of data protection law for India.
- The Bill has been drafted with an intention to fill in the vacuum that existed in the current data protection regime, and to enhance individual rights by providing individuals full control over their personal data, while ensuring a high level of data protection. It provides for the establishment of a Data Protection Authority to oversee activities that involve processing of data and this Bill may undergo further changes before it is adopted as law.